SMTP Authentication

Ihor Prystay ihor at cia.com
Thu Jul 30 08:58:57 UTC 2009


Check if /usr/local/lib/sasl2/liblogin.so exists - if not, you have to
recompile sasl with LOGIN mech support.
Check in your .mc file whether you define the confAUTH_OPTIONS macro. If you
do, make sure the 'p' parameter is not on the list, or LOGIN would be available
only after TLS encryption, which is not the case for you, as your working
configuration offers LOGIN during a telnet session (it's actually a bad
idea to do authentication in clear text).

Ihor


Reed Lai wrote:
> Yes, the new server lacks LOGIN in the 250-AUTH list!
> 
> New server
> =========
> 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
> 
> Functional server
> ==============
> 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> 
> I have checked the generated .cf file on the new server, and the class
> and option are listed
> 
> C{TrustAuthMech}GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> O AuthMechanisms=GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN
> 
> The new server has the same configuration as the old server, but does not
> have LOGIN in the 250-AUTH list.
> BTW, the new server has had its hostname changed once... I don't know if it
> matters or not..
> 
> Reed
> 
> From: Ihor Prystay
> Sent: Thursday, July 30, 2009 2:35 PM
> To: freebsd-questions at freebsd.org
> Subject: Re: SMTP Authentication
> 
> 
> Try telnet to port 25 of your working SMTP server and compare the output.
> Check
> 250-AUTH <list of supported auth mech>
> According to the provided log from the working server, there should be a
> LOGIN mech available in the list, which is not present on the new server.
> 
> Ihor
> 
> 
> Reed Lai wrote:
>> The maillog does not log the sm-mta: AUTH=server action. The functional
>> server has the AUTH=server action logged. How do I debug from this
>> difference?
>>
>> Reed
>>
>> From: Reed Lai
>> Sent: Thursday, July 30, 2009 11:51 AM
>> To: FreeBSD Questions
>> Subject: Re: SMTP Authentication
>>
>>
>> The mail client is Windows Live Mail and it works well with the functional
>> server. Its SMTP authentication should be ok.
>>
>> Reed
>>
>>
>> From: Ihor Prystay
>> Sent: Thursday, July 30, 2009 10:49 AM
>> To: freebsd-questions at freebsd.org
>> Subject: Re: SMTP Authentication
>>
>>
>> Your working server does support the LOGIN mech while the other one doesn't.
>> I doubt your mail client has support for GSSAPI DIGEST-MD5 CRAM-MD5
>> auth; usually it's PLAIN and/or LOGIN.
>>
>> Ihor
>>
>>
>>
>> Reed Lai wrote:
>>> Instructions from "SMTP AUTH in sendmail 8.10-8.13" to test Sendmail
>>>
>>> banyan# sendmail -d0.1 -bv root
>>> Version 8.14.2
>>> Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7
>>>                NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2
>>>                SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG
>>>
>>> ============ SYSTEM IDENTITY (after readcf) ============
>>>      (short domain name) $w = banyan
>>>  (canonical domain name) $j = banyan...com
>>>         (subdomain name) $m = ..com
>>>              (node name) $k = banyan...com
>>> ========================================================
>>>
>>> root... deliverable: mailer local, user root
>>>
>>> banyan# telnet localhost 25
>>> Trying 127.0.0.1...
>>> Connected to localhost.
>>> Escape character is '^]'.
>>> 220 banyan...com ESMTP Sendmail 8.14.2/8.14.2; Wed, 29 Jul 2009 21:19:40 +0800 (CST)
>>> ehlo localhost
>>> 250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
>>> 250-ENHANCEDSTATUSCODES
>>> 250-PIPELINING
>>> 250-8BITMIME
>>> 250-SIZE
>>> 250-DSN
>>> 250-ETRN
>>> 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
>>> 250-DELIVERBY
>>> 250 HELP
>>>
>>> The Sendmail test seems OK
>>> But the SMTP authentication does not work from my mail client.
>>>
>>> Reed
>>>
>>>
>>> From: Reed Lai
>>> Sent: Wednesday, July 29, 2009 5:37 PM
>>> To: freebsd-questions at freebsd.org
>>> Subject: SMTP Authentication
>>>
>>>
>>> Hi,
>>>
>>> I have two FreeBSD mail servers, both configured for SMTP authentication:
>>>
>>>    FreeBSD Handbook 28.10 SMTP Authentication
>>>    http://www.freebsd.org/doc/en/books/handbook/smtp-auth.html
>>>
>>>    SMTP AUTH in sendmail 8.10-8.13
>>>    http://www.sendmail.org/~ca/email/auth.html
>>>
>>> One is functional, and the other one doesn't seem to work. Comparing the
>>> maillogs of the two servers, an AUTH=server message appears on the
>>> functional server, but not on the other one.
>>>
>>> The maillog of functional server
>>> ======================
>>> Jul 29 16:15:10 maple sm-mta[57825]: AUTH=server, relay=59-....net
>>> [59...147], authid=a660407, mech=LOGIN, bits=0
>>> Jul 29 16:15:10 maple sm-mta[57825]: n6T8F9ej057825: from=<reedlai at ...>,
>>> size=1430, class=0, nrcpts=1,
>>> msgid=<40F9CC65E8874D128639A39C1EEBD410 at ReedXP>, proto=ESMTP,
>>> daemon=IPv4,
>>> relay=59-...net [59...147]
>>>
>>> The other one
>>> =========
>>> Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: ruleset=check_rcpt,
>>> arg1=<reedlai at ...>, relay=59-...-147.HINET-IP.hinet.net [59...147],
>>> reject=550 5.7.1 <reedlai at ...>... Relaying denied
>>> Jul 29 17:12:41 banyan sm-mta[2539]: n6T9Cf9q002539: from=<reedlai at ...>,
>>> size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4,
>>> relay=59-...-147.HINET-IP.hinet.net [59...147]
>>>
>>> It seems the other one's SMTP authentication is not triggered.
>>>
>>> Please help, or give me a tip about something I forgot.
>>>
>>> Thank you!
>>>
>>> Reed
>>>
>>> _______________________________________________
>>> freebsd-questions at freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>>> To unsubscribe, send any mail to
>>> "freebsd-questions-unsubscribe at freebsd.org"
> 

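The comparison suggested in this thread (the `250-AUTH` lists of the two servers), as an added example that is not part of the original messages: it parses two EHLO replies, reports which mechanisms the new server is missing, and flags password-equivalent mechanisms offered without TLS. The function names are hypothetical, and the functional server's reply is constructed around the one AUTH line quoted in the thread (`maple.example` is a placeholder host).

```python
import re

# Mechanisms that send the password merely base64-encoded (no hashing).
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_ehlo(reply):
    """Map each ESMTP keyword in a 250 EHLO reply to its parameter list."""
    features = {}
    for line in reply.strip().splitlines()[1:]:   # line 0 is the greeting
        m = re.match(r"250[- ]([A-Za-z0-9-]+)(?:[ =]+(.*))?$", line.strip())
        if m:   # "AUTH=..." is a legacy form some servers also emit
            params = (m.group(2) or "").upper().split()
            features.setdefault(m.group(1).upper(), []).extend(params)
    return features

def missing_mechs(reference_reply, candidate_reply):
    """Mechanisms the reference server offers that the candidate does not."""
    ref = parse_ehlo(reference_reply).get("AUTH", [])
    cand = set(parse_ehlo(candidate_reply).get("AUTH", []))
    return [m for m in ref if m not in cand]

def cleartext_exposure(reply, tls_active=False):
    """Password-equivalent mechanisms offered on an unencrypted session."""
    offered = set(parse_ehlo(reply).get("AUTH", []))
    return [] if tls_active else sorted(CLEARTEXT_MECHS & offered)

# EHLO reply of the new server, as quoted in the thread.
NEW_SERVER = """\
250-banyan...com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP"""

# Constructed: only the AUTH line of the functional server is in the thread.
FUNCTIONAL_SERVER = """\
250-maple.example Hello localhost [127.0.0.1], pleased to meet you
250 AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN"""

if __name__ == "__main__":
    print("missing on new server:", missing_mechs(FUNCTIONAL_SERVER, NEW_SERVER))
    print("cleartext on functional:", cleartext_exposure(FUNCTIONAL_SERVER))
    print("new server offers STARTTLS:", "STARTTLS" in parse_ehlo(NEW_SERVER))
```

The quoted EHLO reply of the new server does not advertise STARTTLS, so with the 'p' option set in confAUTH_OPTIONS a client limited to LOGIN would have no mechanism it could use on that server.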

